1. Imprint (Impressum)

This legal disclosure is provided in accordance with §5 of the Austrian E-Commerce Act (E-Commerce-Gesetz, ECG) and §25 of the Austrian Media Act (Mediengesetz). All information below pertains to the website Spacegraph and its service provider, LETO SPACE GmbH.

Service Provider / Publisher: LETO SPACE GmbH (Gesellschaft mit beschränkter Haftung)

Registered Address: Stremayrgasse 16, 8010 Graz, Austria

Commercial Registration: Registered with the Companies Register at the Commercial Court of Graz under registration number FN 609684w.

Managing Director: Patrick Pils

VAT Identification Number (UID): ATU79711509

Contact Email: office@leto.space

Contact Phone: +43 676 4554355

Trade Authority (per ECG): Landesgericht für Zivilrechtssachen Graz

Media Owner and Publisher: LETO SPACE GmbH, Stremayrgasse 16, 8010 Graz, Austria. Place of publication: Graz, Austria.

Primary Purpose of Website: To provide a web-based platform (“Spacegraph”) that offers information and market intelligence on space-related companies and solutions, and to facilitate networking by connecting users with space solution providers. The content published on this website serves to increase transparency in the space sector and support collaboration between interested parties and solution providers.

Online Dispute Resolution: The European Commission provides an Online Dispute Resolution (ODR) platform for consumer disputes, available at https://ec.europa.eu/consumers/odr. We are neither obliged nor willing to participate in dispute resolution proceedings before a consumer arbitration board.

Disclaimer: The content of this website is created and updated with care; however, LETO SPACE GmbH makes no guarantee as to the accuracy, completeness, or timeliness of the information provided. Use of any information from this site is at the user’s own risk. In addition, we assume no liability for the content of external websites linked on Spacegraph – the responsibility for external links rests solely with the operators of those external sites.

Copyright Notice: All materials on this website – including text, images, graphics, data compilations, and software – are protected by copyright and other intellectual property laws. Unauthorized use, copying, reproduction, or distribution of any content from this site is prohibited without prior written consent from LETO SPACE GmbH or the respective rights holders.

2. Terms and Conditions (Allgemeine Geschäftsbedingungen)

1. Scope and Acceptance

These Terms and Conditions (“Terms”) govern the use of the Spacegraph web application and all related services provided by LETO SPACE GmbH (“LETO SPACE”, “we”, “us” or “the Company”) to the user (“you” or “User”). By accessing, registering an account, or using the Spacegraph platform, you agree to be bound by these Terms, as well as our Privacy Policy and Cookie Notice which are incorporated herein by reference. If you do not agree with any of these Terms, you must refrain from using Spacegraph. Users who are acting on behalf of a company or other legal entity represent that they have the authority to bind that entity to these Terms, in which case “you” will refer to the entity. These Terms apply to all users of Spacegraph, including individuals seeking information (“standard users”) and solution providers offering services or products (“Solution Providers”), except where additional or separate terms apply for Solution Providers as noted.

2. The Spacegraph Service

Spacegraph is an online platform operated by LETO SPACE GmbH that collects and aggregates public and user-submitted data about companies, products, and solutions in the space industry. We analyze this information and provide it to Users in the form of company profiles, solution descriptions, market reports, and other insights, alongside our own commentary and analysis.

Spacegraph may publish excerpts, quotations, or paraphrased summaries from third-party works that have been lawfully published, strictly in accordance with § 51 of the Austrian Copyright Act (UrhG) and similar provisions under applicable copyright laws. Such use is exclusively for purposes of criticism, commentary, review or explanation of the referenced content.

Spacegraph also enables Users to connect and communicate with third-party solution providers through the platform. The information and content available on Spacegraph are for general informational purposes to enhance transparency in the space sector. While we strive to keep content up-to-date and accurate, LETO SPACE does not guarantee that the information on the platform is complete, reliable, or free from errors. We reserve the right to modify or remove content, and to add, change, or discontinue features of the service at any time at our discretion.

3. User Registration and Accounts

Certain features of Spacegraph (such as contributing information or accessing detailed data) require you to register for a user account. When registering, you must provide truthful, accurate, and complete information about yourself (and/or your company, if applicable) and keep this information updated. You are responsible for maintaining the confidentiality of your account login credentials and for all activities that occur under your account. You must be at least 18 years old (or the age of majority in your jurisdiction) to register and use Spacegraph. Accounts are personal to the registered user or entity and may not be shared or transferred without our written approval. If you suspect any unauthorized use of your account or a security breach, you must notify us immediately. We reserve the right to refuse registration, suspend, or terminate accounts that violate these Terms or where we deem it necessary to protect our platform (see Section 15 on Termination).

4. Services and Paid Features

Spacegraph is provided on a freemium basis. Basic access – including searching the platform, viewing basic company and solution information, and certain analytical previews – is offered free of charge once you register. Premium features are available for purchase. These may include, for example, in-depth market reports, comprehensive analytics, or enhanced profile access:

Market Reports and Analytics: Users can purchase detailed market research reports or data analytics through the platform. These digital products may be offered on a one-time purchase basis or via subscription plans, as specified at the time of purchase. Pricing and content details will be shown in the ordering process.
Solution Provider Premium Accounts: Solution Providers (companies offering space-related solutions) may opt to buy premium listings or subscription licenses to access additional platform features – such as enhanced company profiles, lead generation tools, or the ability to receive and respond to user contact requests. Such Solution Provider services may be governed by these Terms and/or a separate agreement or license terms provided during sign-up or purchase.

All fees for paid features are displayed in the platform (in EUR, unless stated otherwise) and are due at the time of purchase. We reserve the right to change our pricing or introduce new paid features, and will inform you of prices at the point of purchase.

Taxes: Prices are stated exclusive of any applicable taxes or duties unless otherwise noted. If any such taxes (e.g. VAT) apply, they will be added as required by law.

5. User Contributions and Content

Users may have the opportunity to submit or contribute content to Spacegraph, such as providing information about a company or solution, posting reviews or comments, or suggesting edits (“User Content”). If you contribute any content, you are solely responsible for that content. You agree that you will only submit content that is accurate (to the best of your knowledge), lawful, and for which you have the necessary rights and permissions to share. You must not upload or provide any content that is confidential or proprietary to a third party unless you have that third party’s explicit consent.

By submitting User Content on Spacegraph, you grant LETO SPACE GmbH a non-exclusive, worldwide, royalty-free, sublicensable license to use, reproduce, edit, adapt, publish, translate, distribute, and display that content on the Spacegraph platform and in any related materials or publications. This license is solely for the purpose of operating and improving the platform and providing the Spacegraph services (including promotional purposes). You retain any ownership rights you have in your content, and the license to us does not affect your rights to use the same content elsewhere.

We reserve the right (but have no obligation) to review, monitor, and moderate User Content. We may remove or edit User Content at our discretion, particularly if we believe it violates these Terms, our policies, or applicable laws, or if it is false or misleading. However, we are not responsible for any failure or delay in removing such material. Users can report content that they believe violates these Terms via the contact information in the Imprint.

6. Connecting with Solution Providers

One key feature of Spacegraph is the ability for Users to initiate contact or request information from third-party solution providers listed on the platform. If you choose to connect with or request to be contacted by a Solution Provider (for example, by clicking a “Connect” or “Contact Provider” button or similar and submitting your details), you consent to our sharing of your relevant personal and business contact information with that specific Solution Provider for the purpose of facilitating the connection. Only data necessary to fulfill your request will be shared (e.g. your name, company name, job title, email, phone number, and the context of your inquiry).

When a connection is made, any subsequent interaction, communication, or contractual relationship is solely between you and the Solution Provider. LETO SPACE GmbH and Spacegraph are not a party to any contracts for products or services that you may negotiate or enter into with a Solution Provider, and we do not guarantee any particular outcome or the quality of any products/services that a Solution Provider may offer. We simply provide the platform to introduce users and providers.

Please note that Solution Providers are independent third parties. While we may screen or vet Solution Providers who use our platform to some degree, Spacegraph does not endorse or make any warranties regarding any Solution Provider or their offerings. Users are advised to conduct their own due diligence before relying on any information or entering into any agreement with a Solution Provider. Any data or content a Solution Provider provides on our platform is considered third-party content, for which we are not responsible. However, Solution Providers are expected to use any personal data of Users obtained via Spacegraph solely for the purposes of responding to the User’s request and in accordance with applicable data protection laws (see Privacy Policy).

7. Fees and Payment Terms

For any paid services or purchases on Spacegraph, including premium content or Solution Provider subscriptions, the following payment terms apply:

Payment Process: Payments for digital products or services must be made through the available payment methods on our platform (such as credit card, payment service providers, or bank transfer, as offered). Payments are processed via third-party payment processors, so we do not collect or store full payment card details on our own servers for security. You agree to provide valid payment information and hereby authorize us (or our payment processor) to charge the applicable fees to your selected payment method. If your payment method fails or is refused, we may suspend or cancel the transaction or your access to the paid feature.
Digital Content Delivery: Upon successful payment, digital content like reports or analytics will be made accessible to you (for example, via download or via your account). In the case of subscription-based services, access will continue for the subscription period as long as payments are current.
No Unlawful Use of Purchases: When you purchase any digital content or data from Spacegraph, it is for your personal use or internal business use only. Redistribution, reselling, or public posting of purchased content without our permission is prohibited (see Intellectual Property in Section 10).
Refunds and Cancellations: All sales of digital products are final, except as stated otherwise herein or required by law. Given the nature of digital content (which, once delivered, cannot be fully returned), we generally do not offer refunds after you have gained access to the purchased content. However, if you experience any technical issues preventing access, or if the content is not as described, please contact us and we will work in good faith to resolve the issue or provide a remedy as appropriate. For subscription services, you may cancel future renewals by providing notice in accordance with the instructions provided (e.g., via your account settings or by contacting support) – cancellation will prevent future charges but will not retroactively refund any fees already paid except where required by law.
Right of Withdrawal for EU/EEA Consumers: If you are a consumer resident in the European Union, the United Kingdom, or another jurisdiction with similar consumer protection laws, you may have a statutory right to withdraw from a purchase – see Section 8 below for details on the 14-day withdrawal (cooling-off) period for digital content and how it may be waived for immediate access.
Late Payments: For any services that involve ongoing fees (e.g., a Solution Provider premium account subscription), timely payment is a condition of continued access. In case of late or missed payments, we reserve the right to suspend access to the paid features or terminate the service after providing notice. We may also charge statutory interest on overdue amounts as permitted by law.
Taxes and Charges: You are responsible for any bank fees, wire transfer fees, or other charges applicable to your payments. If we are required to collect indirect taxes (such as VAT) on a purchase from you, we will add those to the amounts charged where applicable according to local laws.

8. Right of Withdrawal (Consumers in EU/EEA & UK)

If you are using Spacegraph as a consumer (meaning, primarily for personal use outside of your trade, business, or profession) and you are resident in the European Union, European Economic Area, or United Kingdom, you generally have a legal right to withdraw from (cancel) certain contracts concluded online, including digital content purchases, within 14 days without giving any reason. The following terms apply to such rights:

Withdrawal Period: The withdrawal period for a digital content purchase (such as a report or subscription) is 14 days from the date of conclusion of the contract (i.e., from the date of purchase/checkout). If you have purchased multiple items in one order, the period runs from the order date; if the contract is for regular delivery (subscription), the period runs from the date of the first delivery.
How to Withdraw: To exercise your right of withdrawal, you must inform us (LETO SPACE GmbH, see Imprint for contact details) of your decision to cancel the contract by an unequivocal statement (e.g., an email to our contact address or a letter sent by post). You may use the EU model withdrawal form, but it is not mandatory – an email that clearly requests cancellation and includes your name, order details, and date will suffice. If you send the withdrawal notice before the 14-day period has expired, your withdrawal is timely.
Effects of Withdrawal: If you withdraw from a contract within the allowed period, we will reimburse all payments we received from you for that contract, including any standard delivery costs (if applicable), without undue delay and no later than 14 days from the day on which we receive your withdrawal notice. The refund will be made using the same means of payment you used for the initial transaction, unless we have expressly agreed otherwise. You will not incur any fees from us for the reimbursement.
Exception – Early Access to Digital Content: Important: If you purchase digital content from Spacegraph, you will be asked to consent to immediate access/download. If you expressly request or consent to us providing the digital content before the 14-day withdrawal period expires (for example, by clicking a download link or accessing the report immediately after purchase), and we have confirmed that request/consent by providing access, you lose your right to withdraw from that purchase. This is in accordance with EU consumer laws: the right of withdrawal for digital content that is not delivered on a tangible medium ends once the download or streaming has begun with the consumer’s prior consent and acknowledgment of losing the right. We will typically require you to check a box or click a button during purchase acknowledging that you want immediate access and understand this effect on your withdrawal rights.
No Withdrawal for Used Services: Similarly, if you have a subscription and you access the service fully within the 14 days (for instance, a one-month subscription where we have already completely fulfilled our service within that period), or any service which has been fully performed with your consent before the period ends, you may not withdraw from that service after it is fulfilled.
Jurisdictions Without Cooling-off: If you are not an EU/EEA/UK consumer, the above cooling-off provisions do not apply. For example, customers in the United States generally do not have a statutory right to cancel after purchase (aside from our own refund policy or applicable state laws). Thus, all sales are final as stated in Section 7, except where we voluntarily provide a refund or where required by law.

9. Acceptable Use Policy

When using Spacegraph, you agree to comply with the following rules and not to misuse the platform. You are strictly prohibited from:

Violating Laws or Rights: Using the platform in any manner that violates any applicable law or regulation, or infringes the rights of any other person or entity (including intellectual property rights and privacy rights). This includes not posting any content that is defamatory, libelous, threatening, hateful, harassing, or otherwise unlawful.
Providing False Information: Submitting false, misleading, or fraudulent information on Spacegraph, whether about yourself, your company, a solution, or any other entity. All information you provide (including during registration or content contributions) must be truthful to the best of your knowledge.
Unauthorized Access and Security Interference: Attempting to interfere with the proper working of Spacegraph or circumvent any security or access controls. This means you must not hack, scan, or test the vulnerability of any system or network of Spacegraph, not deploy any viruses, worms, malware or harmful code, and not bypass any measures we use to restrict access or protect data.
Scraping and Data Extraction: Using any automated means (such as bots, spiders, or scrapers) to collect data or content from Spacegraph, or to otherwise access the platform in a manner that sends more requests to our servers than a human can reasonably produce in the same time. The only exception is public search engine operators who may use spiders to copy content from the site for the sole purpose of creating publicly available searchable indices of the materials (unless we specifically instruct otherwise in our robots.txt file). Bulk downloading or extracting of the database content is prohibited without our explicit written permission.
Spam and Unsolicited Communications: Using Spacegraph to transmit any unsolicited or unauthorized advertising, promotional materials, junk mail, spam, chain letters, or pyramid schemes. Also, you may not harvest or collect information about other Users (such as contact details) for the purpose of sending unsolicited communications outside of the platform’s intended use (for example, Solution Providers should only contact Users through Spacegraph in response to a User’s request, not to send unsolicited marketing).
Interference with Others’ Use: Engaging in any activity that disrupts or impairs the experience of other Users, such as trolling, bullying, stalking, or intimidating individuals on the platform. You should also not impersonate any person or entity, or falsely state or misrepresent your affiliation with a person or entity.
Posting Prohibited Content: Uploading or sharing any content that: (a) contains personal data of others (such as personal contact details or sensitive information) without their consent, (b) contains any obscene or pornographic material, (c) contains software viruses or any other computer code designed to interrupt, destroy or limit the functionality of any software or hardware, or (d) otherwise violates any section of these Terms.

Violation of the above acceptable use provisions constitutes a material breach of these Terms and can result in immediate suspension or termination of your account (see Section 15), removal of offending content, and/or legal action where appropriate. We may also cooperate with law enforcement authorities to prosecute offenders.

10. Intellectual Property and License to Use

All content and materials available on Spacegraph, excluding User Content described in Section 5, are the property of LETO SPACE GmbH or our licensors and are protected by intellectual property laws. This includes (but is not limited to) the compilation of company and solution data, the arrangement and structure of our database, our original descriptions and analyses, the software and code that operates the platform, the design, graphics, logos (including the “Spacegraph” name and logo), trademarks, and service marks used on the site. LETO SPACE retains all rights, title, and interest in and to its intellectual property.

License to Users: Subject to your compliance with these Terms, we grant you a limited, non-exclusive, non-transferable, revocable license to access and use the Spacegraph website/app and its content for your own personal or internal business purposes. This license allows you to view, download (where enabled), and use the content made available to you through the normal functionality of the platform. This license does not allow you to:

Copy, modify, or create derivative works of any part of the platform or content (except to the extent expressly permitted as, for example, with data export features for your own use).
Redistribute or publicly display any substantial portion of the content (for instance, you should not mass-export data and publish it on another website or service).
Use any trademarks, logos, or brand features of Spacegraph or LETO SPACE without our prior written consent. “Spacegraph” and the Spacegraph logo are trademarks of LETO SPACE GmbH. Nothing in these Terms grants you any rights to use our trademarks, except as necessary for factual references to our services.
Reverse engineer, decompile, or attempt to extract the source code of the software (except to the limited extent such actions are allowed by law notwithstanding this limitation).
Remove or obscure any copyright, trademark, or other proprietary notices on the platform or contained in any content.

User Content License to LETO SPACE: As stated in Section 5, you retain ownership of the content you contribute; however, you grant us a broad license to use it for providing our services. You also agree that we may preserve and continue to use your contributions (for example, a company description you wrote) even after you remove it or your account is deleted, insofar as it has been integrated into our database, unless you explicitly request deletion of personal data in accordance with the Privacy Policy. We will honor valid requests to remove personal data, but non-personal content may remain.

Feedback: If you send us any feedback or suggestions about Spacegraph, you agree that we may use such feedback or suggestions for any purpose, commercial or otherwise, without obligation to you. We appreciate feedback, but you understand we are not required to act on it or to compensate you for it.

11. Privacy and Data Protection

Your privacy is important to us. Our collection, use, and disclosure of personal data through Spacegraph are explained in detail in our Privacy Policy (Datenschutzerklärung), which is available on our website. By using the platform or by communicating with us, you acknowledge that you have read and understood our Privacy Policy. In summary, we process personal data you provide (such as your contact and profile details) and data we collect (such as usage information) in order to operate Spacegraph, provide services (including facilitating connections with Solution Providers at your request), process transactions, and improve our platform, as well as for other purposes outlined in the Privacy Policy. We may share your data with third-party service providers who assist us in these tasks (e.g., hosting providers, analytics services) or, with your permission, with Solution Providers as described in Section 6. We implement appropriate technical and organizational measures to protect personal data, but you acknowledge that no method of transmission or storage is 100% secure.

Users also have responsibilities under data protection law. If you provide us with personal data relating to any other individual, you must have the legal right to do so (for example, you obtained their consent). This situation might occur if, say, a Solution Provider uploads contact information of a team member as part of their profile – the provider must ensure they are authorized to share it. Solution Providers receiving personal data of Users via Spacegraph (for instance, through a connection request) agree to handle that data in compliance with applicable data protection laws (such as GDPR) and only for the intended purpose of responding to the User’s inquiry, unless the individual and provider separately establish another basis for processing.

For more information, including details on cookies and analytics on the platform, international data transfers (e.g., to our service providers in other countries), and your rights regarding your personal data, please refer to the Privacy Policy. If there is any conflict between these Terms and the Privacy Policy regarding personal data handling, the Privacy Policy will prevail for issues specifically about data protection and privacy.

12. Disclaimers of Warranty

Spacegraph and all its services, content, and features are provided “AS IS” and “AS AVAILABLE”. To the maximum extent permitted by applicable law, LETO SPACE GmbH disclaims all warranties, express or implied, regarding the Spacegraph platform and any content or services provided (including any information provided by third parties on the platform). This includes, but is not limited to, implied warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, and any warranties that may arise from course of dealing or usage of trade.

In particular, while we strive for high quality:

We do not warrant that the Platform will be uninterrupted, error-free, or secure, or that any defects will be corrected. We cannot guarantee that the platform will be compatible with all devices or browsers, or that it will meet your expectations.
No Guarantee of Results: Any data, analysis, or descriptions on Spacegraph are for informational purposes. LETO SPACE does not guarantee that using the information on Spacegraph (for example, about market opportunities or solution providers) will lead to any particular outcome or success. You should not construe any content on the platform as professional advice (financial, technical, legal, or otherwise) specific to your situation. Users should use their own judgment or consult professionals for advice where appropriate.
Third-Party Content: Spacegraph includes content provided by third parties (including User Content and information from solution providers or public sources). We are not responsible for the accuracy or reliability of any third-party content. Views or opinions expressed by Users or third parties on the platform do not necessarily reflect our own.
We provide no warranty that any downloadable digital content (such as reports) will be error-free or free of viruses or contaminants. You are responsible for using up-to-date antivirus software to scan any such content.
If you are a Solution Provider, we do not warrant that you will receive any minimum number of leads or any business opportunities via Spacegraph, or that any user inquiries will result in actual contracts. Similarly, we do not guarantee to Users that Solution Providers will respond to inquiries or that they will meet your needs.

Some jurisdictions do not allow the exclusion of certain warranties. To the extent that such laws apply to you (for example, certain implied warranties under law for consumer contracts), some of the above exclusions may not apply. In particular, if you are a consumer in the EU/EEA or UK, you may have certain statutory rights (such as a guarantee that digital services will substantially conform to the contract) that cannot be excluded – nothing in these Terms is intended to limit or eliminate those rights, and the exclusions above apply only to the extent permitted by law.

13. Limitation of Liability

To the extent permitted by law, LETO SPACE GmbH’s liability to you is limited. Under no circumstances shall LETO SPACE, its directors, officers, employees, agents, or affiliates be liable to you for:

Any indirect, incidental, consequential, special, punitive, or exemplary damages, or any damages for loss of profits, revenue, business opportunity, goodwill, data, or data use, incurred by you or any third party, arising out of or related to your use of (or inability to use) Spacegraph or any content therein. This limitation applies even if we have been advised of the possibility of such damages.
Any direct damages beyond the amount you have paid to us in the three (3) months prior to the event giving rise to the claim. If you have not paid anything (for example, using free features only), we shall have no liability to you for direct damages, to the extent allowed by law.

Additionally, LETO SPACE is not liable for any acts or omissions of third parties, including other Users or Solution Providers. For example, if you enter into an agreement with a Solution Provider or suffer loss due to actions of a Solution Provider, we are not responsible for those dealings or losses. We do not have control over, and do not assume responsibility for, the quality, safety, legality, or effectiveness of any goods or services provided by Solution Providers, or the truth or accuracy of any claims made by Solution Providers.

Exceptions: Nothing in these Terms shall limit or exclude our liability for: (a) death or personal injury caused by our negligence, or (b) our fraud or fraudulent misrepresentation, or (c) any other liability which cannot be limited or excluded under applicable law (for instance, certain liabilities under product liability laws or for intentional breaches).

Consumer-Specific: If you are a consumer, any mandatory rights you have under local law are not affected by this liability clause. For instance, in some jurisdictions, we cannot exclude liability for failing to provide services with reasonable care and skill. In such cases, our liability is limited to re-performing the relevant service or paying the cost of having that service re-performed, where such limitation is permitted.

Jurisdictional Variations: Some jurisdictions do not allow the exclusion or limitation of certain damages (like incidental or consequential damages), so some of the limitations above may not apply to you. In such cases, our liability will be limited to the fullest extent permitted by law.

14. Indemnification

To the extent permitted by applicable law, you agree to indemnify, defend and hold harmless LETO SPACE GmbH, its affiliates, and their respective officers, directors, employees, and agents, from and against any and all third-party claims, liabilities, damages, losses, or expenses (including reasonable attorneys’ fees and costs) that arise out of or are connected to: (a) your misuse of the Spacegraph platform or any violation of these Terms, (b) any User Content you submit, post, or transmit via Spacegraph (including claims that such content infringes a third party’s rights or caused harm to a third party), or (c) your violation of any law or regulation.

We reserve the right, at our own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you (without limiting your indemnification obligations with respect to that matter). In such case, you agree to cooperate with our defense of that claim.

Consumer Notice: If you are a consumer, the above indemnity may not apply to you to the extent that applicable law in your jurisdiction does not allow it. In particular, we do not expect ordinary consumer users to indemnify us for general use of the platform. This indemnity is primarily targeted toward misuse or unlawful use of the platform and towards business/commercial users. However, you agree that if you use the platform in violation of these Terms and that causes us to be sued by a third party, we can seek compensation from you to the extent permitted by law.

15. Termination and Suspension

User Termination: You may stop using Spacegraph at any time. If you wish to delete your account, you may do so through the account settings (if available) or by contacting us via the contact information provided in the Imprint. Account deletion will remove your profile and personal data from active visibility on the platform, though copies of your data may be retained as required or permitted by law (see our Privacy Policy for details on data retention after account deletion).

Our Right to Suspend/Terminate: We reserve the right to suspend or terminate your access to Spacegraph (or certain features of it) at any time, with or without notice, if we reasonably believe: (a) you have violated these Terms or any applicable law, (b) you have engaged in fraudulent, abusive, or harmful behavior (for example, using the platform in a manner that could introduce security risks or that infringes others’ rights), or (c) it is necessary to protect the security, integrity, or reputation of our platform or other users. In case of minor violations or where appropriate, we will aim to provide you with a warning and an opportunity to remedy the violation before terminating.

Effect of Termination: Upon termination of your account or access, your right to use the platform will immediately cease. Any licenses or rights granted to you under these Terms will end. The following provisions of these Terms will survive termination: any provisions regarding intellectual property rights, disclaimers of warranties, limitations of liability, indemnification, governing law, dispute resolution, and any other clauses that by their nature should survive. If your account is terminated or suspended due to a breach of Terms, you are not entitled to any compensation, and you may lose access to any data associated with your account (subject to data portability rights under law). If you had any outstanding payments or fees owed at the time of termination, you remain responsible for those amounts and we reserve the right to pursue appropriate legal action to recover them.

Service Discontinuation: Separately, LETO SPACE reserves the right to discontinue or shut down the Spacegraph service entirely. Should this occur, we will endeavor to provide advance notice to active users via the website or email. If we discontinue the service and you have paid for a subscription or other prepaid service extending beyond the discontinuation date, we will provide a pro-rata refund for any period of service you have paid for but not received, unless we have agreed otherwise.

16. Changes to the Terms

We may revise or update these Terms from time to time to reflect changes in our services, user feedback, or legal requirements. If we make changes, we will notify users by posting the updated Terms on our website and updating the “Last updated” date at the end of this document. In case of material changes (those that significantly affect your rights or obligations), we will take additional steps to inform you, such as by sending an email to the address associated with your account or by displaying a prominent notice within the platform.

Your Continued Use: Unless otherwise required by law, modifications to the Terms will become effective on the date stated in the notice or when posted (if not stated otherwise). By continuing to use Spacegraph after the new Terms take effect, you indicate your acceptance of the updated Terms. If you do not agree to the revised Terms, you must stop using the platform and may delete your account. In some cases (for example, if required by law for certain changes), we might explicitly request your consent to the changes. If you decline to consent to updated Terms where consent is required, you may not be able to continue using the service.

Please review these Terms periodically to ensure you understand the conditions that apply at that time.

17. Governing Law and Jurisdiction

These Terms and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with them or the use of Spacegraph shall be governed by and construed in accordance with Austrian law, in particular under the substantive laws of Austria, excluding its rules on conflicts of law. The UN Convention on Contracts for the International Sale of Goods (CISG) does not apply.

If you are using Spacegraph as a business user, any disputes arising out of or related to these Terms or the service shall be subject to the exclusive jurisdiction of the competent courts in Graz, Austria.

If you are using Spacegraph as a consumer, this governing law section does not deprive you of the protection of provisions that cannot be waived by agreement under the laws of your country of habitual residence (i.e., mandatory consumer protection laws). You may also have the right to bring proceedings in your local courts. In plain terms, if you are a consumer resident in the EU, you will benefit from any mandatory provisions of the law of the country in which you reside, and you may choose to file a claim in those courts. We will respect such rights. However, nothing in these Terms authorizes either party to violate the jurisdictional rules applicable to consumers; it simply clarifies that Austrian law governs to the extent it does not conflict with those mandatory protections.

Dispute Resolution: We encourage you to contact us first if you have any issue with Spacegraph, as we aim to resolve most user concerns amicably and quickly. Our contact details for user inquiries and complaints can be found in the Imprint (Section 1 above). As noted in that section, EU consumers can also use the Online Dispute Resolution platform provided by the European Commission, but we have not agreed to any binding out-of-court arbitration for consumer disputes at this time.

18. Miscellaneous Provisions

Entire Agreement: These Terms, together with the Privacy Policy, Cookie Notice, and any additional guidelines or terms referenced herein, constitute the entire agreement between you and LETO SPACE GmbH regarding your use of Spacegraph. They supersede any prior agreements, communications, and understandings, whether written or oral, relating to the subject matter. However, this does not exclude liability for fraud or fraudulent misrepresentation.
No Waiver: Our failure to enforce any provision of these Terms shall not be considered a waiver of that provision or of the right to enforce it. Any waiver of rights by us must be made explicitly in writing. If one or more provisions of these Terms are waived, the rest of the Terms remain in effect.
Severability: If any provision of these Terms is held to be invalid, illegal, or unenforceable by a competent court or authority, that provision will be enforced to the maximum extent permissible, and the remaining provisions of the Terms will remain in full force and effect. The invalid provision will, if possible, be replaced by valid language reflecting the original intent as closely as permitted by law.
Assignment: You may not assign or transfer any of your rights or obligations under these Terms without our prior written consent. We may assign or transfer our rights and obligations to an affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets related to Spacegraph, and you hereby agree to such assignment in advance. These Terms will bind and inure to the benefit of the parties, their successors, and permitted assigns.
No Agency: No joint venture, partnership, employment, or agency relationship exists between you and LETO SPACE as a result of these Terms or your use of Spacegraph. You do not have any authority to bind the Company in any respect.
Language Versions: These Terms and all legal texts are provided in both English and German. Both language versions are intended to have the same meaning and effect. In the event of any inconsistency or discrepancy between the English and German versions, our intention is that they be interpreted to reconcile the difference. If a discrepancy remains, the English version shall prevail (as it is the official language in our business), to the extent permitted by law.
Contact: If you have any questions or concerns about these Terms, please contact us using the details provided in the Imprint (Section 1).

Last updated: June 16, 2025

3. Privacy Policy (Datenschutzerklärung)

Introduction: We at LETO SPACE GmbH (“LETO SPACE,” “we,” or “us”) respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect information in the context of our web application Spacegraph (the “Platform” or “Service”), and what rights and options you have with regard to your personal data. It applies to all users of Spacegraph, including both general users and solution provider users, as well as visitors to our website. This policy is provided in both English and German for your convenience.

Data Controller: The entity responsible for processing personal data in connection with Spacegraph (the data “Controller”) is LETO SPACE GmbH, Stremayrgasse 16, 8010 Graz, Austria. If you have questions or requests regarding your personal data, you can contact us by email at office@leto.space or by telephone at +43 676 4554355. For postal inquiries, please use the mailing address provided in our Imprint. (If you reside in a country with data protection authorities, see Section “Your Rights” on how to contact them or lodge complaints.)

1. Personal Data We Collect

We collect personal data (any information relating to an identified or identifiable individual) from and about users through the following channels:

Information You Provide Directly: When you register for a Spacegraph account, we ask for basic information such as your name, email address, and a password. If you create a user profile, you may also provide your organization or company name, job title, industry, and other profile details. Solution provider users may provide additional company details, solution descriptions, logos, and contact information for their team members. You might also provide data when filling in forms on our site (for example, requesting a whitepaper or subscribing to a newsletter), posting content (such as comments, company information, or other contributions to the Platform), contacting us via support or feedback channels, or when participating in surveys or promotions. Any personal data contained in such content will be processed for the purpose for which you provided it. For instance, if you include your phone number in a contact request to a solution provider, we will use that to facilitate the contact (and share it with the provider with your permission as explained in the Terms).
Data from Public Sources or Third Parties: Spacegraph also aggregates information about companies and solutions from public or third-party sources. This data may include company profiles, press releases, public website content, patent or publication information, etc. Generally, this aggregated company/solution data is not personal data (as it relates to organizations). However, it might incidentally include personal identifiers (for example, the name of a company’s CEO if that is public). When we compile such information, we treat any personal names or details we collect as described in this policy. We may also receive data about individuals from third-party services, for example if we integrate a single sign-on service (like logging in via LinkedIn, Apple, Google or Microsoft – in which case we receive basic profile data from those services with your consent) or if a colleague invites you to the platform (they might provide your email address).
Automatically Collected Data (Usage Data): When you use Spacegraph or browse our website, we and our third-party analytics partners automatically collect certain technical information about your visit. This includes:
Device and Browser Information: such as your IP address, device type (desktop, mobile, etc.), operating system and version, browser type and version, language settings, and screen resolution.
Usage and Activity Data: such as pages or profiles you view, features you click or interact with, the date and time of your visit, the referring page (if you arrived via a link from elsewhere), and the page you exit to. We may also log events like when you log in, download a report, or request to connect with a provider.
Cookies and Similar Technologies: We use cookies, pixels, and local storage in your browser to collect and store some of the above information and to recognize you across sessions. Our Cookie Notice (Section 4 below) provides more details on the types of cookies and their purposes.
Payment Information: If you make purchases (e.g., buy a premium report or subscribe to a service), our third-party payment processor will collect your payment details (such as credit card number, billing address). We ourselves generally receive only limited information about the transaction – such as a confirmation that payment was successful, the last four digits of your card, or an ID linked to your PayPal account – but not the full card data. We will store records of your purchases (what you bought, when, and the amount, along with your name and contact information for invoicing purposes).
Communications: If you contact us directly (e.g., via email or through a contact form), we will collect the information you provide in your inquiry. This may include your contact details and the content of your message. We will also keep records of our correspondence with you (support tickets, customer service communications). Additionally, if you communicate with other users on the Platform (for example, if a solution provider responds to your request via a messaging feature on Spacegraph), those communications may be stored on our servers and accessible to us for moderation and support.
Newsletter and Marketing Data: If you subscribe to our newsletter or opt in to receive marketing communications, we will collect your email address and any preferences you indicate. We may also note whether you interact with our emails (for instance, opening an email or clicking a link) to understand engagement levels, using tracking pixels or similar techniques.

We endeavor to only collect data that is relevant and necessary for the purposes described below. Where possible, we use pseudonymization or anonymization. For example, we might remove or aggregate personal identifiers in usage logs after a certain period, so that they can no longer be linked to individual users.

We do not seek to collect special categories of personal data (such as data about health, political opinions, religious beliefs, etc.) through Spacegraph, and we ask that you do not submit such information on the platform. Spacegraph is not intended to process any sensitive personal data. Similarly, our service is aimed at professionals and organizations; we do not intentionally collect data from children under 16. If you are under 16 (or a minor as defined by the laws of your country), please do not use Spacegraph or submit personal information. If we learn that we have collected personal data from a child under the permissible age, we will delete it.

2. Purposes and Legal Bases for Processing

We use the personal data collected for the following purposes (each purpose in this section is coupled with the legal basis under the EU General Data Protection Regulation – GDPR – that permits the processing):

Providing the Service and User Accounts: We process your registration data and account information to create and maintain your account, authenticate you when you log in, and provide you with the features of Spacegraph that you request. For example, we use your profile information to populate your user profile and allow other users (like solution providers) to see who you are when you contact them. If you are a solution provider, we use the data you give us to create your company profile so that it’s accessible on the platform. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) – this processing is necessary to provide the Spacegraph service per our Terms.
Facilitating Connections and Communications: If you request to connect with a solution provider, we use your personal information to notify that provider and to facilitate your communication (for example, by generating an email or a platform notification to the provider with your name and contact info). We might also use your information to route messages through our system if you communicate via an in-platform messaging feature. Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) for enabling the requested communication, and/or consent (Art. 6(1)(a) GDPR) when you initiate such sharing (your request acts as consent to share your data with that provider).
Aggregating and Analyzing Data for Users: We process contributed data (both user-submitted and from public sources) to generate analytics, summaries, or market reports that are provided back to users. For example, we might aggregate data about how many users are interested in a certain category of solutions or analyze trends from user input and public data to produce a report. To the extent this processing involves personal data (which is minimal, as most aggregated analysis is on company-level data), we either anonymize it or rely on our legitimate interest in producing meaningful industry insights (Art. 6(1)(f) GDPR).
Operating and Improving the Platform: We use usage data and feedback to understand how our service is used and to improve its functionality and security. This includes debugging, repairing errors, and conducting data analysis and testing. We may track, for instance, which features are most popular or which pages cause users to drop off, so we can make improvements. We also monitor usage for security reasons – e.g., detecting suspicious logins or activities that could indicate fraud or malicious behavior. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) – it is in our interest (and typically also in our users’ interest) to ensure the service works smoothly, is secure, and can be continually refined. We balance this interest against your privacy rights, and in doing so, we often use aggregated or pseudonymized data for analytics to mitigate privacy impact. Where strictly necessary (like storing cookies that are essential), we rely on the necessity for service provision.
Customer Support and Contact: If you contact us for support, we will use your contact information and any information you provide about your issue to assist you. We may also contact you to inform you about changes to our services, important security updates, or to provide administrative messages (like confirming when you sign up, or notifying you of term updates). Legal basis: Performance of contract (Art. 6(1)(b) GDPR) for support related to your use, and legitimate interests (Art. 6(1)(f) GDPR) for necessary communications about the service (we have a legitimate interest in keeping you informed of major changes or issues affecting the service).
Marketing and Newsletters: If you have subscribed to our newsletter or if you are an existing customer, we may send you promotional communications, such as updates on new Spacegraph features, industry insights, or events. We will do so in accordance with applicable law – for example, we will obtain your consent to send you newsletters where required (Art. 6(1)(a) GDPR). If you are an existing customer, EU law allows us in some cases to send you marketing about similar products or services that you have previously used or inquired about, based on our legitimate interest in promoting our offerings (Art. 6(1)(f) GDPR), but we will always give you a clear opportunity to opt out of such emails (and we include unsubscribe links in every marketing email). We will not share your contact details with third-party advertisers without your explicit consent.
Processing Payments and Transactions: If you make a purchase, we will process your personal data to handle billing, payments, and any related accounting or invoicing. This involves using your name and contact info on invoices and processing transaction details via our payment provider. It also includes keeping records of transactions for legal and accounting purposes (for example, under tax law). Legal basis: Performance of contract (payment is part of the purchase contract) and compliance with legal obligations (Art. 6(1)(c) GDPR) – e.g., retaining invoices for required periods.
Compliance and Legal Obligations: We may process personal data as required to comply with laws and regulations, or to respond to lawful requests or orders from law enforcement or other government authorities. For instance, we might retain certain log data to meet regulatory retention requirements, or we might disclose information if required by law in connection with court proceedings. Legal basis: Compliance with a legal obligation (Art. 6(1)(c) GDPR) or, in some cases, legitimate interests (Art. 6(1)(f) GDPR) such as when cooperating with law enforcement to prevent fraud or protect our rights (provided such interest is not overridden by your rights).
Enforcing Our Terms and Rights: We may process data to investigate and enforce compliance with our Terms of Service and other agreements or policies. For example, we might use certain data to block an abusive user, or to investigate a potential breach (like someone scraping data). If necessary, we will also use data to take action against fraudulent or illegal activity, threats to our IT systems, or harassment of our personnel or other users. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) – we have a strong interest in upholding our contractual rights and maintaining a safe environment; this can also protect other users. Should enforcement actions ever involve special categories of data (unlikely in our context), we would rely on appropriate legal justifications for those.
Business Transfers: In the event that we consider or undergo a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of our assets, we may need to disclose user information to prospective or actual buyers (and their professional advisors) as part of the due diligence process. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) – completing such a transaction might be in our and our shareholders’ interest. However, in such cases, we will ensure that any third party receiving personal data is bound to respect it consistent with this policy and applicable law.

If we ask for personal data for a reason not described above, we will explain at the time of collection what we intend to do with it.

Importantly, where feasible, we will use anonymized or aggregated data that does not identify individuals to fulfill the above purposes (especially analytics and industry reporting). Once data is anonymized such that it can no longer be associated with any person, it is no longer considered personal data and is not subject to this Privacy Policy or data protection laws. We reserve the right to use such anonymized or aggregated information for any legitimate purpose, such as analyzing market trends, creating statistics, improving our services, or sharing insights with third parties.

3. Cookies and Tracking Technologies

What Are Cookies: Cookies are small text files that websites store on your device (computer, smartphone, etc.) when you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Similar technologies include web beacons (pixel tags), local storage (like HTML5 localStorage), and scripts or SDKs in apps. In this policy, we refer to all these technologies collectively as “cookies” or “tracking technologies”.

How We Use Cookies: Spacegraph uses cookies and similar technologies to distinguish you from other users, to remember your preferences, and to collect information about your usage of our platform. This helps us provide a good experience (for instance, keeping you logged in as you navigate) and to improve our site. We do not currently serve advertising on Spacegraph that involves third-party ad cookies, but we do use third-party analytics cookies (notably Google Analytics) to understand user behavior on our site. The types of cookies we use include:

Strictly Necessary Cookies: These cookies are essential for the operation of our website and platform. They include, for example, cookies that enable you to log into secure areas of our site, keep you logged in during your session, or remember items in a shopping cart. Without these cookies, some parts of our service would not function. Consent requirement: Not required, as these are necessary for providing the service you requested (per EU ePrivacy laws).
Preference Cookies: These cookies allow our website to remember information that changes how the site behaves or looks, like your chosen language or region. For example, if our site is multilingual, a cookie might store that you prefer the English version so you’re redirected appropriately. Consent: We may treat these as necessary to the extent that the preference is requested by you (like selecting a language). Otherwise, we will include them in the consent banner for transparency.
Analytics Cookies: We use analytic tools such as Google Analytics to collect information about how visitors use our website. Google Analytics uses its own cookies (_ga, _gid, etc.) to generate reports on site usage. These cookies track things like how you arrived at our site, which pages you visit, how long you stay, and which features you use. Importantly, we have enabled IP anonymization for Google Analytics on our site – this means Google truncates your IP address within the EU/EEA before sending it to Google’s servers, so that it is not stored in a way that could identify you. The information generated by Google Analytics cookies (which can include truncated IP, device info, and usage data) will be transmitted to and stored by Google (which may involve servers in the United States). Google uses this info on our behalf to analyze your use of the site and compile reports for us. We use these reports to improve our service (for example, to see which features are popular or if certain pages are confusing users). We do not use Google Analytics for advertising purposes on Spacegraph (and we do not permit Google to use the data for its own advertising or share it – we use Google Analytics under the “Analytics” terms). Consent: These analytics cookies are non-essential and will only be set with your consent. On your first visit, you will see a cookie banner (consent notice) where you can accept or decline analytics cookies. If you decline, we will not load Google Analytics or similar trackers.
Functional/Third-Party Cookies: At present, Spacegraph doesn’t heavily utilize third-party plugins beyond analytics. However, if we embed content from third parties (like an interactive map, a video player, or social media widgets), those providers may set cookies as well – for example, if we embedded a YouTube video, YouTube might set cookies to track video views. Such cookies would be considered third-party and possibly require consent. We will inform you via the cookie banner or our cookie notice about any such cookies if they are present, and we will not load them without appropriate consent if needed (except where the content is strictly necessary).
Security Cookies: We might use certain cookies or similar mechanisms to help secure the platform – for example, a cookie that helps prevent cross-site request forgery (CSRF) or one that tracks repeated failed login attempts. These would fall under necessary cookies for security.
“Do Not Track” Signals: Our website currently does not respond to Do Not Track (DNT) signals in HTTP headers. DNT was proposed as a way for users to indicate their tracking preferences to websites, but there is not yet a consensus on how websites should respond. We treat your tracking choices mainly through our cookie consent management. You can always refuse analytics as noted.

Cookie Consent Banner: In jurisdictions like the EU/EEA and UK, we display a cookie consent banner when you first visit Spacegraph (and periodically thereafter, or whenever we add new cookies that require consent). This banner allows you to accept all cookies or to choose specific categories (e.g. “Accept only necessary cookies” vs. “Accept analytics cookies”). Until you have made a choice, we will not set non-essential cookies (like analytics). Once you choose, we’ll remember your preferences (a cookie will store that choice for future visits). You can also change your cookie preferences at any time – by clicking a “Cookie Settings” link typically present in the footer of the site (if available) or by clearing your cookies (which will cause the banner to reappear on next visit).

Managing and Deleting Cookies: You have the right to control and delete cookies as you wish. In addition to using our on-site preferences, you can manage cookies through your web browser settings:

Browser Settings: Most web browsers allow you to view, manage, delete, and block cookies for a website. You can typically find these options under the “Preferences” or “Settings” menu of your browser, then look for “Privacy” or “Cookies.” For example, in Chrome you can go to Settings > Privacy and Security > Cookies and other site data; in Safari: Preferences > Privacy; in Firefox: Options > Privacy & Security > Cookies. You can choose to block third-party cookies or even all cookies. Keep in mind, blocking all cookies might cause parts of our site (and others) not to function properly (especially necessary cookies).
Cookie Banner Re-trigger: If you have previously set your preferences on our site but want to change them, you can usually do so by finding our “Cookie Notice” link and adjusting settings, or by clearing our site’s cookies from your browser (which will reset your consent).
Opting out of Google Analytics: Google provides an opt-out mechanism via a browser add-on which, once installed, prevents Google Analytics from collecting data on any website. You can obtain the add-on here: https://tools.google.com/dlpage/gaoptout. This is provided by Google and works by setting a special cookie to disable GA. Also, as mentioned, if you decline analytics in our banner, it has a similar effect just for our site.
Do Not Track and Global Privacy Controls: Some browsers or browser extensions support a setting called “Global Privacy Control (GPC)” or “Do Not Track.” At the current time, our site does not act on these signals alone for cookie deployment (because compliance is handled via our explicit consent banner), but we continue to monitor regulatory guidance on this and will treat such signals in line with legal requirements. If you have set such signals, we encourage you also to use our cookie banner to explicitly set preferences.
More Information: For more detailed information about cookies and how to manage them, you can visit resources like AllAboutCookies.org which offers guidance on controlling cookies in various browsers.

Third-Party Websites: If our website contains links to external websites (for example, to a solution provider’s own site or a social media page) and you click those, note that this Privacy Policy (and our cookie management) does not apply to those third-party sites. Those sites will have their own privacy and cookie policies which you should review.

Cookie List: Below is an overview of the cookies we use on Spacegraph (note: for brevity, we list categories rather than every cookie name):

Necessary: (Examples: session_id – keeps user logged in; XSRF-TOKEN – security token to prevent request forgery; cookie consent cookie – remembers your choices on the banner).
Preferences: (Example: lang – remembers language selection, if applicable).
Analytics: Google Analytics cookies such as _ga (used to distinguish users, expires 2 years), _gid (used to distinguish users, expires 24 hours), _gat (used to throttle request rate, expires 1 minute). All Google Analytics cookies are provided by Google LLC/Google Ireland and may send data to Google as described. We have configured them in consent mode – they only run if you allow. Google’s Privacy Policy is available here: https://policies.google.com/privacy.
Functionality/Third Party: Currently none beyond the above, but if in future we embed, say, a YouTube video, then YouTube may set cookies like VISITOR_INFO1_LIVE or YSC. We will update this policy if such usage becomes regular.

We will update our cookie usage and this policy as our site evolves or if we introduce new tracking tools. Any significant change will also be communicated via the site or consent interface.

4. How We Share Personal Data

We treat your personal data with care and confidentiality. We do not sell your personal information to third parties for their own commercial use. There are, however, certain circumstances in which we share personal data with third parties, as outlined below:

Solution Providers (User-Initiated Sharing): As described earlier, when you choose to connect or share information with a solution provider through Spacegraph, we will forward your relevant personal data to that provider (with your consent/at your request). For example, if you click “Connect with Provider X” and fill a form, Provider X will receive the details you provided. In doing so, the solution provider becomes an independent data controller of the information you provided them (they are responsible for any subsequent use of that data). We contractually require solution providers to use such data only for the intended purpose (responding to your inquiry) and to handle it in compliance with applicable privacy laws, but we do not control their systems. This kind of sharing happens only when you actively engage with a provider; we do not randomly send user lists or contact info to providers without user action.
Service Providers and Processors: We employ trusted third-party companies and individuals to perform certain functions on our behalf and to assist in providing our services. These include:
Hosting and Infrastructure: e.g., cloud hosting providers or data center partners that host our website, databases, and services (they store and process data, including personal data, on their servers).
Email and Communication Tools: e.g., services to send transactional emails (like sign-up confirmations, password resets) and newsletters. These providers process your email address and sometimes name and content of the email under our instructions.
Analytics Services: e.g., Google Analytics as described. (Google acts as our processor for analytics data, though in some jurisdictions Google may be viewed as a joint controller for some limited uses – we configure GA in a way to minimize personal data, such as IP anonymization).
Payment Processors: e.g., Stripe, PayPal, or other payment gateways that handle your payment transactions. They receive information like your payment card details, name, and purchase details. They are separate controllers for your payment info, but they share necessary confirmation data back to us.
Customer Support and CRM: If we use a customer support ticketing system or a Customer Relationship Management tool to track communications, that provider will process any personal data contained in support requests.
Marketing and Email Newsletter Platforms: If you opted in to newsletters, we might use a service (like MailChimp, SendGrid, etc.) to manage mailing lists and send emails. They hold your email and any subscription preferences.
IT and Security Services: e.g., services for backup, security monitoring, DDoS protection (like Cloudflare or similar).

These third parties act as our data processors (under GDPR terms) when they handle personal data on our behalf. We provide only the information they need to perform their specific tasks, and we contractually bind them to protect your data and use it only for our specified purposes. They are not allowed to use your data for their own purposes. A list of our key subprocessors can be provided on request (and we will update you if we add any new major processors that handle personal data).

Within Our Corporate Group: If LETO SPACE GmbH has affiliates or subsidiaries in the future, we may share personal data within our corporate family, on a need-to-know basis, to operate and improve the service. For instance, if an affiliate is helping with development or support, they may access data under the same conditions as we do. Any such intra-group sharing will comply with applicable laws (and if any affiliate is outside the EU, we’ll have proper safeguards like intra-group data transfer agreements).
Business Partners or Institutional Clients (Aggregated Data): As part of our business model, we may produce anonymized, aggregated market insights (e.g., trends reports, industry demand statistics) which we might share or sell to institutional clients such as the European Space Agency (ESA), FFG (Austrian Research Promotion Agency), or other partners. Importantly, these reports do not contain personal data; they involve high-level analysis that cannot be linked back to any individual person. For example, we might sell a report indicating “X% of companies in [sector] are seeking [type of solution]” derived from user activity and public data. Such data is not personally identifiable, and thus sharing it does not raise privacy concerns under GDPR (GDPR does not apply to truly anonymized data). We want to emphasize that any monetization involving data we collect will either use aggregated/anonymized data or, if personal data is involved, it will only happen with appropriate legal basis (e.g., user consent or anonymization). We do not sell personal information like names or emails to third parties.
Legal Compliance and Protection: We may disclose personal data to third parties (such as attorneys, advisors, courts, or law enforcement authorities) if we determine that such disclosure is reasonably necessary to:
comply with any applicable law, regulation, legal process, or governmental request (e.g., to respond to a subpoena or court order);
enforce our Terms of Service or other agreements;
detect, prevent, or otherwise address illegal or suspected illegal activities (such as fraud, security or technical issues);
protect the rights, property, or safety of LETO SPACE, our users, employees, or others. For example, if required by financial regulations to report certain transactions, or if a law enforcement agency lawfully requests data as part of an investigation, we will comply to the extent we are obligated or permitted. We will seek to limit the data shared to what is necessary and will object to overly broad requests if appropriate. Unless prohibited by law or in an emergency, we may attempt to notify users about any third-party requests for their personal data (for instance, if we receive a civil subpoena for a user’s information) to give them a chance to object.
Business Transfers: In connection with any merger, sale of company assets, financing, acquisition, insolvency, bankruptcy, or receivership, personal data of our users may be among the assets transferred to the buyer or successor entity. We will only transfer data if the recipients commit to respecting this Privacy Policy (or provide similar protection). You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal data, as well as any choices you may have regarding your personal data in that event (for example, if the new entity plans to handle your data differently, you should have an opportunity to opt out).
With Your Consent: Apart from the cases above, if we want to share your personal data with any other third parties, we will ask for your consent. For instance, if we ever want to highlight user testimonials on our site with names, we would ask for permission. Or if a partner organization wanted to invite our users to an event, we might ask you if you’d like your contact details shared for that purpose. You are free to decline such requests, and your service usage will not be affected by that decision.

Selling of Personal Data (CCPA Notice): For California residents, we state clearly that we do not “sell” personal information as defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). That is, we do not disclose your personal data to third parties in exchange for money or other valuable consideration for their own marketing or other purposes. We also do not share your personal data for cross-context behavioral advertising (as defined in CPRA). All data sharing we do is as described above (service providers, your requested connections, etc.). In the past 12 months, we have not sold personal information of California consumers, and we have not knowingly shared personal information of minors under 16 years of age in a way that constitutes a sale.

5. International Data Transfers

Our Operations: LETO SPACE GmbH is based in Austria and primarily operates out of the European Union. However, the nature of modern digital services means that personal data may be transferred to, or accessed from, other countries. For example:

We use cloud infrastructure (which might be globally distributed) or other IT services that may store data in data centers outside your home country.
We have service providers in various jurisdictions (some listed in Section 4). Notably, some providers (like Google) might process data in the United States or other countries outside the EU.
If you are a user located outside of Austria (or the EU), your data will naturally be transferred to our servers in the EU.
If an EU user connects with a solution provider that is based outside the EU (e.g., a provider in the US or UK), the personal data shared for that connection will cross borders based on your request.

Privacy Laws & Adequacy: When transferring personal data internationally, we comply with applicable data protection laws. In particular, for individuals in the EU/EEA or UK:

The European Commission has determined that certain countries outside the EEA provide an adequate level of data protection (known as “adequacy decisions”). For instance, data can flow freely to countries like Switzerland under adequacy. We will rely on such decisions for transfers where applicable.
For transfers to countries without an adequacy decision (for example, the United States currently does not have a blanket adequacy for commercial entities as of this writing), we use approved Standard Contractual Clauses (SCCs) as a safeguard. These are contractual commitments between us and the recipient of the data, imposing GDPR-level obligations on the foreign recipient to protect the data. We have executed SCCs with our key service providers outside Europe. In some cases, our providers participate in other frameworks like the EU-US Data Privacy Framework or similar; we monitor developments and will use any new approved mechanisms as appropriate.
We also evaluate on a case-by-case basis whether any supplemental measures are needed to ensure that the data is afforded essentially equivalent protection to that in the EU. For example, we may use encryption, pseudonymization, or ensure providers commit to challenge government requests, etc., where relevant.
Transfers from the UK follow a similar logic: we use the UK’s International Data Transfer Agreement or Addendum to SCCs when needed, aligning with the UK GDPR requirements.

Our Approach for Specific Services:

Google Analytics (US): As mentioned, Google LLC in the US may receive some analytics data. We have activated IP anonymization and have a data processing agreement & SCCs in place with Google. We understand that analytics data might still be considered at risk due to US surveillance laws as per some European regulators. We continue to monitor guidance (and the potential adoption of the new EU-US Data Privacy Framework). We also provide the opt-out for users (consent requirement) as an additional measure. If at any point we believe we cannot use Google Analytics in compliance with EU law, we will reconsider its use.
Cloud Hosting: If our site is hosted on, say, AWS or Azure – we choose EU data centers when possible. However, as these are US companies, SCCs are part of our contracts because theoretically they might have to provide access to US staff for support, etc.
Solution Provider Connections: If you connect with a provider outside the EU, we consider that transfer to be necessary for the performance of a contract between you and that provider (Art. 49(1)(b) GDPR) or carried out at your request in connection with that contract. Essentially, if you ask us to send your details to (for example) a company in Canada, we do so to facilitate your desired interaction. While we will still aim to ensure the provider handles the data respectfully, this specific transfer is directly a result of your action and thus considered permissible under GDPR derogations.

For Users Outside EU: If you are in a jurisdiction like the US or any other region, your data will likely be held on servers in the EU. This means your data gets transferred out of your country to Europe. We apply uniform standards of data protection for all users, meaning we protect your data under this policy and by using robust security regardless of where it’s processed. However, note that by using our service, you understand that your data will be transferred to and stored in jurisdictions which may have different data protection laws than your country. When we transfer data out of, for example, the US to EU, we rely on the necessity to perform our contract (to provide you the service).

If you have questions about our international transfer practices or want a copy of the relevant safeguards (like SCCs) we have in place, you can contact us at the details provided.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which we collected it, including for satisfying any legal, accounting, or reporting requirements. Because different types of data and use cases may have different retention needs, we outline here our general practices:

Account Information: We keep your account data (like your profile, login info, settings) for as long as your account is active. If you delete your account, we will initiate deletion of personal data associated with your account from our live systems, usually within a short period (generally within 30 days) unless otherwise required (see exceptions below). Some data may persist in backups for a limited time until those backups cycle out.
User Contributions: Content you have posted (such as company information or comments) may remain visible on the platform even after account deletion if it does not contain personal data, especially if it’s useful to other users (for example, an improvement to a company profile might remain). However, we will either anonymize or remove the association with your user profile. If you prefer certain content removed, you can often delete it yourself prior to account deletion, or contact us to remove personal references. For content containing personal data (like a comment with your name on it), we either remove it or redact the personal elements upon account deletion.
Communications and Support: If you contacted us via email or support, we may retain those communications for a period (to have a history of support issues and improve our services). Typically, support emails are kept for a couple of years unless you request deletion and it's feasible to do so. Business communications (with solution providers or partners) may be kept longer.
Analytics Data: Analytics logs (containing IP addresses or user IDs) are typically retained for a shorter period in identifiable form – often 14 months by default in Google Analytics, unless we adjust it. We might aggregate and keep anonymous statistics longer. We periodically review our analytics retention to ensure we aren’t holding personal data longer than necessary for trends analysis.
Transaction Records: For purchases and transactions, we retain records (like invoices, payment history, correspondence) as needed to comply with financial and tax regulations. In Austria, for instance, certain financial records must be kept for 7 years. Thus, even if you delete your account, we may keep invoice records associated with your name or company for that duration in our financial archives.
Legal Obligations and Disputes: If we are under a legal obligation to retain data (for example, an active court order to preserve data, or retention obligations under laws like anti-money laundering), we will retain that data as required. If any dispute is ongoing (like a legal claim or investigation involving you), we might retain relevant information until that issue is resolved, even if it extends beyond normal retention periods.
Backups: Our system likely performs routine backups for reliability. Backup data is typically stored securely and rotated. If personal data is deleted from our main systems, it might remain in encrypted backups for a short period until those backups are overwritten or deleted, but it will no longer be actively processed and will remain secure.
Marketing data: If you opt out of marketing emails, we will remove you from the list immediately, but we may keep a record of your unsubscribe request (email address and the fact you opted out) indefinitely to ensure we don’t accidentally send you emails in the future (this is a common practice to maintain a suppression list, as allowed by law).

When we no longer have a legitimate need to keep your personal data, we will either delete it or anonymize it. If deletion is not immediately possible (for example, because data is stored in an offline backup), we will securely store it and isolate it from further use until deletion is possible.

If you have specific questions about our data retention for a certain type of data, you can contact us.

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk to personal data. We have put in place commercially reasonable and industry-standard security safeguards to protect the personal data we process against unauthorized access, loss, misuse, or alteration. These measures include:

Encryption: We use encryption in transit (HTTPS/TLS) for data exchanged between your browser and our servers. This protects information from being intercepted in transit. For sensitive data at rest, we also employ encryption or hashing (for example, passwords are stored in hashed form).
Access Controls: We limit access to personal data to those employees, contractors, and service providers who need to know the information for the purposes described in this policy. They are subject to confidentiality obligations. Internally, we use role-based access control so that, for instance, technical staff can’t see certain user data unless necessary, and any access to production data is logged and monitored.
Network Security: Our servers are protected by firewalls, and we regularly update our software and systems to address security vulnerabilities. We employ tools to detect and prevent brute force attacks, DDoS mitigation services, and other intrusion detection/prevention systems as appropriate.
Monitoring: We monitor our systems for possible vulnerabilities and attacks, and we conduct periodic security assessments. If we become aware of a data breach, we have a response plan to contain and assess the incident and will notify affected users and authorities as required by law.
Training: Our staff are trained on data protection and security practices, to ensure they handle your data properly and are aware of their responsibilities regarding personal data.
Physical Security: For any physical servers or offices, we have appropriate controls (secure data centers, restricted access to offices where data is handled, etc.). We largely rely on reputable cloud infrastructure which themselves maintain robust physical security.
Third-Party Assurance: When using third-party services (like our hosting or payment providers), we choose providers that demonstrate strong security practices and certifications (for example, ISO 27001 certification, SOC 2 compliance, PCI DSS compliance for payments, etc.). We include security and data protection commitments in our contracts with them.

However, please note that no system can be 100% secure. Despite our efforts, we cannot guarantee the absolute security of your data, especially in transit over the internet. It is important for you as well to protect against unauthorized access to your account and personal data by using strong, unique passwords for our site and by keeping your account credentials confidential. If you have any reason to believe that your interaction with us or your account credentials have been compromised (for example, if you suspect someone else has accessed your account), please contact us immediately.

We will continuously review and update our security measures in line with technological developments and emerging threats.

8. Your Rights and Choices

Under applicable data protection laws, you have certain rights regarding your personal data. This section outlines those rights and how you can exercise them. These rights may vary depending on your jurisdiction (for example, EU/EEA residents have GDPR-granted rights; California residents have CCPA/CPRA rights – which we cover in a separate section below). We will honor rights to the extent required by applicable law and, where feasible, extend the spirit of those rights to all users even if not strictly required (for example, we generally allow data access and deletion requests for all users of our service globally, not just EU).

Your GDPR Rights (for Users in the EU/EEA, and similarly in the UK):

Right of Access: You have the right to request confirmation as to whether we are processing personal data about you, and if so, to request a copy of the personal data we hold about you. This includes information about the purposes of processing, the categories of data, the recipients (or categories of recipients) to whom the data has been disclosed, the envisaged retention period (or criteria to determine it), and the existence of your other rights. We will provide you with a copy of your personal data undergoing processing, usually electronically. For additional copies, we may charge a reasonable fee based on administrative costs as allowed by law.
Right to Rectification: If any personal data we have about you is inaccurate or incomplete, you have the right to have it corrected or completed without undue delay. You can also update some of your information directly by logging into your account (e.g., you can correct your profile data). For other data that you cannot update yourself, you can send us a request and we will make the correction where possible.
Right to Erasure (Right to be Forgotten): You have the right to request that we delete your personal data, and we will comply, provided one of the following grounds applies: (a) the data are no longer necessary for the purposes for which they were collected or processed; (b) you withdraw consent (if the processing was based on consent) and no other legal ground exists; (c) you object to processing based on our legitimate interests and there are no overriding legitimate grounds for continuing; (d) the data was processed unlawfully; or (e) the data must be erased for compliance with a legal obligation. Please note there are certain exceptions where we can refuse deletion – for example, where processing remains necessary to comply with a legal obligation or to establish/exercise/defend legal claims, or in some cases, if the data is necessary for the provision of service (and you still wish to receive the service). If you delete your account or request erasure, we will remove your personal data from active use but may retain some information as described in the “Retention” section (e.g., transaction records or log entries in backup) as required or permitted by law.
Right to Restriction of Processing: You have the right to ask us to limit the processing of your personal data (i.e., store it but not use it) in certain circumstances: if you contest the accuracy of the data (for a period enabling us to verify it); if the processing is unlawful but you oppose erasure and request restriction instead; if we no longer need the data but you need it for a legal claim; or if you have objected to processing (see below) and verification of our overriding grounds is pending. When processing is restricted, we will only process that data (aside from storing it) with your consent or for specific reasons like legal claims.
Right to Data Portability: For data that you have provided to us and which we process by automated means based on your consent or on a contract, you have the right to request a copy in a structured, commonly used, machine-readable format (for example, JSON or CSV), and you have the right to transmit that to another controller (or have us do it, where technically feasible). In practice, this usually applies to things like profile data or content you’ve given us. We’ll assist in transferring data if requested, provided it’s technically feasible and doesn’t adversely affect others’ rights (note that certain data might be too intertwined with others or in formats that are proprietary).
Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on our legitimate interests (Art. 6(1)(f) GDPR). If you raise such an objection, we will evaluate it and will cease processing the personal data in question unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless we require it for the establishment, exercise, or defense of legal claims. You also have an absolute right to object to the use of your personal data for direct marketing purposes at any time – if you do so, we will stop using your data for that purpose immediately.
Right to Withdraw Consent: Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. For example, if you have given consent for us to send you newsletters, you can unsubscribe (withdrawing consent for marketing emails). If you consented to optional cookies, you can withdraw by updating preferences or clearing cookies. Note that withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right not to be Subject to Automated Decision-Making: We do not engage in any fully automated decision-making, including profiling, that produces legal or similarly significant effects on you, without human involvement. If this changes in the future, you would have rights to certain safeguards and possibly to object to such decisions or request human intervention.
Right to Complain: If you believe that our handling of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or where the alleged infringement occurred. In Austria, the supervisory authority is the Austrian Data Protection Authority (Datenschutzbehörde). In the UK, it’s the Information Commissioner’s Office (ICO). In Germany, each federal state has its own DPA. We would, however, appreciate the chance to address your concerns directly before you approach a regulator, so we invite you to contact us first to resolve any issue.

Exercising Your Rights: To exercise any of the above rights, please contact us at privacy@leto.space or use the contact information in our Imprint. Please be as specific as possible about your request (for example, what data you want to access, or which processing you object to). For your security, we may need to verify your identity before fulfilling your request (e.g., by asking you to confirm from your registered email or by other verification means). We will respond to your request within one month, or inform you if we need additional time (up to a maximum extension of two further months in certain complex cases). If we cannot fulfill your request (for instance, if it would adversely affect others’ rights, or if an exemption applies), we will explain our reasoning. Generally, we charge no fee for exercising rights, but if a request is manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse the request as allowed by law.

California Privacy Rights (CCPA/CPRA): If you are a California resident, please refer to the section “California Privacy Rights” below (Section 9) for specific details on your rights under California law (the rights largely overlap with the above but are framed differently, such as right to know, delete, correct, opt-out of sale/sharing, etc.).

Other Jurisdictions: Users from other states or countries may have additional or slightly different rights. For example:

In some U.S. states (like Virginia, Colorado, Connecticut, Utah in 2023), consumers also have rights similar to CCPA (right to confirm processing, access, delete, portability, opt out of certain processing, etc.). We extend similar capabilities to all U.S. users: you can request access or deletion by contacting us.
If you are in a country like Brazil (LGPD) or Canada (PIPEDA), you have rights to access and correction, etc., which we will honor in line with our policy.
If any discrepancy between local law and our practice arises, local law prevails for that user.

Opting Out of Marketing: As noted, you can always opt out of marketing emails by clicking the “unsubscribe” link in any such email, or by adjusting your account preferences if applicable, or contacting us. Even after you opt out of marketing, you may still receive administrative communications (like service notices or legally required communications, e.g., changes to terms or security alerts).

Cookie Choices: For cookie consent preferences, see Section 3 on how to adjust those and your ability to revoke consent.

We are committed to enabling you to exercise your rights. If you need assistance, please do not hesitate to contact us.

9. California Privacy Rights

This section provides additional information to California residents in accordance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), effective January 1, 2023. It describes our data practices during the 12 months preceding the effective date of this Privacy Policy, as required by the CCPA.

Categories of Personal Information Collected: In the past 12 months, we have collected the following categories of personal information (as defined under CCPA) from California consumers, with examples of data points in each category and the sources from which we collected that information:

Identifiers: e.g., real name, alias or username, email address, IP address, account ID. Sources: Provided directly by you (e.g., during account registration or when submitting forms); collected automatically (IP address via your interactions with the site).
Personal Information Categories from CA Customer Records (Cal. Civ. Code § 1798.80(e)): overlapping with identifiers above, e.g., name, telephone number (if provided), company affiliation, payment card number (for transactions). Sources: Provided by you (e.g., if you fill out contact information, or make a purchase). Note: We do not collect Social Security numbers, driver's license, or government ID numbers, or medical/health or insurance information.
Characteristics of Protected Classifications: We do not actively collect sensitive characteristics like race, gender, or date of birth in our normal course (Spacegraph is not designed to collect such info, except possibly what can be inferred from a name or you voluntarily provide, such as a profile photo). We do not ask for or use such data.
Commercial Information: e.g., records of products or services purchased, obtained, or considered, or other purchasing or consuming histories. Sources: Derived from your transactions on our platform (like which reports you bought) or your browsing behavior (e.g., what solutions you viewed could imply interest).
Internet or Other Electronic Network Activity Information: e.g., browsing history, search history, and interactions with our website, pages visited, time stamps, clicks, and referring URLs. Sources: Collected automatically via cookies and similar technologies when you use Spacegraph.
Geolocation Data: We do not specifically collect precise geolocation. We might infer general location from your IP address (e.g., approximate city or region).
Professional or Employment-Related Information: e.g., your employer or company (if you provide it in your profile or as a solution provider), your job title, industry, and professional interests. Sources: Provided by you in your profile or contributions.
Education Information: We do not collect education records.
Inferences: We may draw inferences from the above data to create a profile about a consumer’s preferences or characteristics. For instance, based on your browsing or search patterns on Spacegraph, we might infer interests in certain types of solutions or industry trends, which helps personalize content shown to you.

Sensitive Personal Information: Under CPRA, “sensitive personal information” includes things like account credentials, precise geolocation, racial or ethnic origin, union membership, communications content, genetic data, biometric info, health info, sexual orientation, etc. We do not collect or process sensitive personal information for inferring characteristics. The only items that could be considered “sensitive” we handle are account login credentials (email and password) – which we use solely to provide you access (and we hash passwords), and perhaps contents of messages if you communicate with a solution provider through our system (considered confidential, but not used for any secondary purpose). We do not use or disclose sensitive info except as necessary to provide our services or as otherwise permitted by law (e.g., security purposes). Therefore, we treat any sensitive personal info we may have as falling under applicable processing exemptions (like using login credentials to authenticate is a “necessary to provide service” use).

Purposes for Collecting or Using Personal Information: We collect or use the above categories of personal information for the business and commercial purposes detailed in Section 2 (“Purposes and Legal Bases”), which align with the purposes the CCPA contemplates. In summary, these purposes include:

Providing and improving our services (accounts, platform functionality, connecting users with solution providers).
Communicating with users (including marketing communications, with opt-out options).
Processing transactions and fulfilling requests (market report purchases, etc.).
Analytics and personalization of user experience.
Ensuring security and preventing fraud or illegal activity.
Debugging and repairing errors.
Legal compliance and exercising or defending legal claims. We do not use personal data for purposes that are incompatible with the original purposes without obtaining consent.

Categories of Sources: We collect personal information directly from you (e.g., when you sign up or submit forms), automatically via your interactions with our services (through cookies and logs), and from third parties (e.g., if you use a third-party login, or public sources for company data).

Disclosure of Personal Information: We have disclosed some categories of personal information to third parties for business purposes in the last 12 months, as required to run our service. Specifically:

Identifiers (like your name, email, IP) and Internet Activity Info may be disclosed to our service providers (e.g., cloud hosting providers, analytics provider Google Analytics with truncated IP, email service provider, etc.) for the business purposes of providing and improving the service.
Commercial Information (like purchase records) may be shared with our payment processors and accounting system providers for processing transactions and bookkeeping.
Professional Information might be shared when you connect with a solution provider (we send them your info at your request) or stored with our CRM if we use one. We do not disclose personal information to third parties outside the scenarios laid out in Section 4 (e.g., we don’t sell lists or etc.). All disclosures were for a business purpose (service provision, not for those parties’ independent use except as needed to provide the service to us).

Sale or Sharing of Personal Information: As stated, we have not sold personal information in the last 12 months. We also do not “share” personal information as defined in CPRA (meaning we don’t share it for cross-context behavioral advertising). We do use Google Analytics and similar cookies which potentially could be argued as a “share” with Google for analytics, but Google is contractually limited from using that data for other clients or to build advertising profiles (we use IP anonymization and no Google ads features). In any case, if any such usage were considered “sharing,” you have the right to opt out. We respect global opt-out preference signals like the GPC (Global Privacy Control) for California residents to the extent they indicate an opt out of sale/sharing; but since we don’t sell or share, the effect is mostly that we don’t load any non-essential scripts if you’ve opted out in our cookie banner.

Children’s Data: We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age. Our service is not intended for children under 16, and they are not permitted to use it.

California Consumer Rights: If you are a California resident, you have the following rights with respect to your personal information (some rights are subject to certain limitations under CCPA):

Right to Know: You may request that we disclose to you the specific pieces of personal information we have collected about you, as well as additional information about our data practices, including the categories of personal information collected, the categories of sources, the business or commercial purposes, the categories of personal information disclosed for a business purpose or sold/shared (if any), and the categories of third parties to whom information was disclosed or sold/shared. Much of this is outlined in this Policy, but you can request more detail or a copy of your actual data.
Right to Delete: You may request that we delete personal information that we have collected from you and retained, subject to certain exceptions. For example, if we need the info to complete a transaction, detect security incidents, comply with legal obligations, or other exemptions provided by law, we may deny the deletion request for those specific grounds. If no exception applies, we will delete (and direct our service providers to delete) your information from our records.
Right to Correct: You may request that we correct inaccurate personal information that we maintain about you. Considering the nature of the personal information and purposes of processing, we will take appropriate steps to correct it as directed by you (or you might do so in your account directly).
Right to Opt-Out of Sale or Sharing: As discussed, we do not sell personal data or share it for targeted advertising. If that changes, we will provide a clear “Do Not Sell or Share My Personal Information” link or mechanism. Meanwhile, if you want to ensure no analytics cookies (potential “sharing”) are used, you can decline those via our cookie banner or send us a GPC signal.
Right to Limit Use of Sensitive Personal Information: If we used sensitive personal info (like precise geolocation, etc.) for non-exempt purposes, you could limit that. As of now, we don’t use sensitive info for any purpose that triggers this right. We only use such info for providing services or security (exempt purposes).
Right of Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your privacy rights under CCPA/CPRA. This means we will not deny you goods or services, charge different prices, or provide a different level of quality because you exercised these rights (consistent with law; note that if you request deletion of data necessary for the service, we may not be able to provide the service, but that’s a direct result of your request and not a punitive action).

Submitting Requests: California residents may submit requests to know, delete, or correct by:

Emailing us at privacy@leto.space with the subject line “CCPA Request” and state your request.
Or writing to our postal address (see Imprint) – Attn: Privacy/CCPA. Currently, we do not offer a toll-free number given our size, but we will monitor demand and regulatory requirements.

Verification: For your security, we need to verify your identity (and California residency) before processing certain requests. If you have an account, we may verify through existing authentication (e.g., having you sign in and send request through your account/email on file). If you don’t have an account, we might ask for at least two pieces of info to match against our records (e.g., your email and some recent interaction, or other identifier we have). For requests for specific pieces of info (or high sensitivity), we may require further verification or a signed declaration under penalty of perjury that you are who you say.

Authorized Agent: You may designate an authorized agent to make a request on your behalf. If an agent (like an attorney or someone with power of attorney) submits a request, we will require proof that you gave them signed permission to act on your behalf, and we may still require you to verify your identity directly with us (unless the agent has a power of attorney compliant with California Probate Code). For agent requests, the agent should provide either: your signed permission, their own verification of identity, and possibly confirmation from you directly that you authorized them.

Response Timing: We aim to respond to verifiable consumer requests within 45 days. If needed (due to complexity or volume), we may extend by an additional 45 days (90 days total) but will inform you of the extension and the reason within the initial 45 days.

This California section is intended to comply with CCPA/CPRA and to supplement the main Privacy Policy. If there are any conflicts, this section takes precedence for CA residents.

10. Other Jurisdiction-Specific Notices

UK (United Kingdom): References to GDPR in this policy should be taken to include the UK GDPR (the version of GDPR retained in UK law after Brexit) for users in the UK. If you are in the UK, the “supervisory authority” mentioned in the policy refers to the UK Information Commissioner’s Office (ICO). You have similar rights under UK law as described for EU individuals. You may lodge complaints with the ICO (website: ico.org.uk). We have not appointed a separate UK representative because, as of now, our processing activities do not fall under the requirement to do so (we are an EU company mainly, and any UK user data is handled in compliance with UK GDPR by us directly). If that changes, we will update accordingly.

EEA/EU: For EU users, our lead supervisory authority (as an Austrian company) is likely the Austrian Data Protection Authority, but you can reach out to your local authority too. We comply with the ePrivacy Directive (cookie rules) and local implementations thereof for cookies and direct marketing (hence the consent banner and opt-in approach where required).

Australia: Although not required to do so, we attempt to adhere to the spirit of the Australian Privacy Principles (APPs). We do not engage in “direct marketing” without consent aside from transactional stuff. We likely are exempt from mandatory data breach notification given our size, but we would aim to notify affected users in the event of a serious breach nonetheless.

Brazil: We strive to comply with LGPD principles. The legal bases we mention (consent, contract, legitimate interest, etc.) align with LGPD bases. If needed, you can contact us for LGPD rights like confirmation of processing, data access, correction, anonymization/blocking/deletion of unnecessary or excessive data, portability, information on sharing, revocation of consent, etc. Our contact for LGPD requests is the same email.

Canada: We comply with PIPEDA for Canadian user data. This means we obtain consent for collection, use, and disclosure of personal data, allow access and correction upon request, and have safeguards. We don’t transfer data to Canada specifically unless a provider is there, but any transfers outside Canada to us (in EU) are in line with PIPEDA’s provisions. If you’re in Quebec, we also respect the updated privacy law requirements (for example, we’d get consent for secondary uses if needed). You may contact us for any privacy queries.

China: Our service is not directed to China, and we don’t knowingly store data in China or share with Chinese entities. If Chinese data laws (like PIPL) were to apply, users could exercise similar rights (access, correction, etc.). We do not meet thresholds for localization or security assessments under PIPL since we have minimal data from China (if any). Chinese users, by using our service, presumably consent to cross-border transfer of their data to the EU as needed.

If you are based in any jurisdiction with specific privacy requirements not explicitly listed here, you can contact us, and we will endeavor to accommodate any applicable rights or requirements to the extent we are subject to them.

11. Third-Party Links and Services

The Spacegraph platform may contain links to websites or services operated by third parties (for example, a link to a solution provider’s external website, or embedded content from other platforms). Please be aware that this Privacy Policy does not apply to third-party websites or services that you may access via such links. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites or services before providing any personal information to them.

Similarly, if you engage with third-party features on our site, such as a social media “share” button or a third-party login option, those features are governed by the terms and policies of the third party that provides them.

We aim to mark or indicate when you are leaving our site or interacting with a third-party frame within our site, but there may be cases where it’s not immediately obvious. If ever in doubt, you can check the URL/domain of the link.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we make material changes to this Privacy Policy, we will notify you by updating the date of this policy, and prominently posting a notice on our website or via other communication (e.g., email notification) prior to the change becoming effective, where required by law. We encourage you to review this Privacy Policy periodically to be informed about how we are protecting your information.

Any changes to this Privacy Policy will become effective when the updated policy is posted (or as of the effective date stated in the notice, if later). By continuing to use Spacegraph after those changes become effective, you are acknowledging the revised Privacy Policy.

If you do not agree with the changes, you should discontinue use of our services and may request us to delete your data (as per Section 8). We will note prior versions of this Policy and can provide them upon request for reference.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us using the information below:

LETO SPACE GmbH (Spacegraph) Attn: Privacy Team/Data Protection Officer (Note: Currently we are not required to have a formal DPO under GDPR, but we designate a responsible person internally.) Stremayrgasse 16 8010 Graz Austria

Email: privacy@leto.space (for privacy inquiries) Phone: +43 676 4554355 (please ask for the privacy/data protection contact)

We will do our best to address and resolve any issues or questions you have about your privacy or this Policy. Your trust is important to us, and we welcome feedback on how we can improve our privacy practices.

Last Updated: June 16, 2025

Ready-to-Deploy

Space Enabled Solutions

For Your Business

Home

Settings

Market Intelligence

FAQ

Marketplace

Imprint & Legal

Built by